Additional Changes/Fixes Available in Versions

What's New?

The enhancements and changes that are available in Build 48.18.

Analytics

View log expression details in Security Insight report

In Security Insight, you now view detailed log information about violations that has been intercepted by the NetScaler instance. If you have configured log expressions for Application Firewall profile in the NetScaler instance, you can now view the following details:

* Log Expression Name - The name of the log expression defined in the Application Firewall profile.

* Log Expression Value - The value returned by NetScaler based on the log expression defined in the Application Firewall profile. The values include request header, request body and so on.

[# 680656]

Application score threshold breach notifications

Application analytics on NetScaler MAS allows you to monitor the various types of traffic passing through NetScaler instances. You can now set thresholds breach notification for App Score counter to watch the insight traffic. You can also configure rules and create alerts for any breach of threshold values in NetScaler MAS.

[# 693756]

Application dashboard improvements

In NetScaler MAS GUI, the following changes have been made to improve the usability of the application dashboard:

1. The "0" app score represents the number of virtual application servers that are down or out of service. This "0" application score is now part of the existing app score legend in application dashboard view.

2. The app summary panel now displays the text "Showing N/N Apps" instead of the earlier "Total Apps N/N." Consider an example where you choose 60 in the app score graph. There are 16 applications out of the total 26 applications that have an app score between 40 and 60. The app summary panel displays "Showing 16/26 Apps." If no criteria is selected, the app summary panel displays "Showing 26/26 Apps."

3. The app summary panel now displays a new chart to filter applications based on the applicable categories. A new application category chart is added to the app summary panel. This chart displays a histogram for all categories defined in NetScaler MAS. All discrete applications now appear under "Others" category, and custom applications appear under their respective category names. These category names are assigned while defining custom applications.

For more information, see Application Analytics and Management.

[# 700924]

View rule id of signature in Security Insight report

The Security Insight report for signature violations now includes rule ID of each signature.

[# 701416]

New search option in Security Insight report

You can now search the Security Insight report for signature violations based on signature ID.

[# 701423]

Enhanced application peak usage

You can now assess the peak usage trend of an application. You can also compare the impact on the application performance based on App Score from the Application Dashboard. You can use the peak usage trend and performance impact on the application information and make necessary changes in your deployment. This trend helps to improve the performance of the application.

To view the peak usage trend of an application, navigate to Applications > App Dashboard. Select the application and click Peak Usage.

[# 702625]

Web Insight optimization

Optimized Web Insight analytics functionality on NetScaler MAS allows for better performance and a new data structure for better usage of memory. A new data structure provides optimal query performance on the database and improves the efficiency of the disk usage. The functionality improves both the error handling and exception management processes. The approximation algorithm that is part of this optimization functionality allows netScaler MAS to process the top 10,000 records in the database.

[#688206]

Applications

NetScaler MAS now allows you to create custom applications by using either default or custom StyleBooks. StyleBooks simplify the task of managing complex NetScaler configurations for your applications. So, when you define custom applications on the application dashboard page, you can now select a StyleBook present in NetScaler MAS. NetScaler MAS then creates the configuration on the target NetScaler instances based on the StyleBook selected. NetScaler MAS also creates a custom application made up of all the virtual servers in the configpack.

Note: A custom application and configpack are created if sufficient licenses are available and if virtual server licensing is not set to manual.

[# 684460]

Licensing

Ability to allocate licenses to NetScaler VPX instances based on the virtual CPU requirements

NetScaler MAS now supports allocating licenses to NetScaler instances based on the virtual CPU requirements of those instances. The licenses are checked out from the licensing server for only the number of virtual CPUs running on it.

[# 702324, 681580]

Networks

View LOM version on instance dashboard

You can now view the Lights Out Management (LOM) version of the managed instances on the chosen instance’s dashboard. By viewing the LOM version, you can now update your instances to the latest version. You can view the LOM version for NetScaler instances and NetScaler SDX appliances.

[# 674386]

Network interface throughput report

You can now generate and export performance reports for each interface of the selected NetScaler instance. The performance data collected is based on the counters selected and the data transmitted and received by the NetScaler instance.

[# 683417]

Warning message when more than permitted virtual servers are selected

A warning message is displayed when you manually select more than allowed virtual servers and apply the licenses. Navigate to Networks > License Settings > System Licenses. You can manually apply licenses to the virtual servers by setting the Auto-select virtual servers to "off" and clicking "Click to select." In the License Virtual Servers page you can see a list of virtual servers. You can select the required type of virtual server and the required number of virtual servers to be licensed or unlicensed and click the button. The licenses are either applied or removed. You can then see a display on top right side of the page that indicates the number of licensed virtual servers against the total number of virtual servers that can be licensed. You cannot select more virtual servers than the allotted capacity.

[# 687058, 676037]

NetScaler throughput report

You can now generate reports for selected NetScaler instances for throughput. Using the generated throughput reports, you can monitor network reporting data for each specific instance on the Network Reporting dashboard.

[# 687555, 687185]

Network inventory improvements

You can now view the complete list of instances maintained by NetScaler MA Service. You can view the inventory report by navigating to Networks > Dashboard and click All Instances in the top right corner of your screen. The new inventory report displays the following information:

• All instances

• Instance versions

• Serial numbers

[# 687676, 687682]

Polling progress indicator

You can now view the status of your polling action for instances on NetScaler MAS. You can manually poll the instances for instance certificates, configuration audits, and discovery by choosing the Poll Now action. Previously, the GUI only displayed that the polling was initiated. Now, you can see the progress of the polling and the polling complete status. You can also view the information retrieved from the instance during the polling action.

[# 688916]

Disaster Recovery feature for NetScaler MAS

The Disaster Recovery (DR) feature provides full system backup and recovery capabilities for NetScaler MAS 12.1 deployed in HA mode in the data center. This feature provides the data center-level backup and recovery of data.

In the NetScaler MAS GUI, from the menu navigate to System > System Administration > under Backup Settings, and click Disaster Recovery Settings.

Few key points for disaster recovery are as follows:

• This feature is supported with NetScaler MAS nodes that are deployed in high availability mode only.

• Recovery site is in a different data center or remote location across the geography.

• Floating IP (FIP) is mandatory to register the recovery site.

• Recovery site must be brought to active state manually by the admin.

You can now view the model ID information of the NetScaler VPX instance that is hosted on a NetScaler SDX appliance. Previously, under model ID column the information was displayed as "0" instead of the NetScaler SDX appliance model information.

[# 699536]

View hardware model ID information in NetScaler instances dashboard

Hardware model ID information for NetScaler instances was earlier shown in their respective dashboards. This information is now brought into the respective lists. This is an optional column, which can be shown by selecting model ID over the list settings.

1) Networks > Instances > NetScaler VPX

2) Networks > Instances > NetScaler MPX

3) Networks > Instances > NetScaler Gateway

4) Networks > Instances > NetScaler SWG

5) Networks > Instances > NetScaler CPX

[# 699550, 699551]

View model ID and host ID information about NetScaler instances

You can now view information about the following parameters of NetScaler instance on NetScaler MAS.

Model ID: Displays the model ID that is derived from the type of license that is applied to a NetScaler instance. You can view the model ID on the Instances page and the Instance Dashboard.

Host ID: Displays the host ID, which is the Mac ID of a NetScaler instance. The Host ID is used to generate the license for the NetScaler instance. You can view the host ID on the Instances page and the Instance Dashboard.

[# 700266]

Improved network reporting dashboard

You can now create customized dashboards with multiple widgets that display different reporting data. You can view multiple reports for any number of virtual servers and up to 10 instances on your customized dashboard. You can also customize the duration of your reports and export them for further analysis.

[# 702016]

Support for multi-site using agents

Install the NetScaler MAS agents using the multi-site agents to communicate with devices within a data center. Configure the devices to send data to agents instead of NetScaler MAS directly. These agents process the data before sending it to the NetScaler MAS. The processed data is sent in a compressed format to NetScaler MAS for storage. This preprocessing and compressing of data saves the WAN link bandwidth. Agents perform the first level of data processing hence offloading some processing on the NetScaler MAS.

NetScaler MAS now allows you to add NetScaler instances and associate them with sites. While discovering an instance, you can either create a site or select an existing site. Provide the NetScaler MAS agent details and always associate the agent with the site.

To add an instance:

1. Navigate to Networks > Instances.

2. Select the type of NetScaler instance and click Add.

3. Enter the IP address and select the profile.

4. Select the site and the agent.

5. Click the edit icon next to the Agent field.

6. Select the agent and click Attach Site and select the required site.

7. Click OK.

The instance is now associated with the site. Navigate to the Networks Dashboard to view the newly added instances under the associated site.

For more information, see How to Monitor Globally Distributed Sites.

[# 702019]

Instance dashboard improvements

The per-instance dashboard in NetScaler MAS displays data polled from a specific instance. By default, every minute, managed instances are polled for data collection and statistical information are continuously collected using NITRO calls. The following statistics are collected:

• State of the instance

• HTTP requests per second

• CPU usage

• Memory usage

• Throughput.

As an administrator, you can view all this collected data on a single page. You can also identify issues in the instance and take immediate action to rectify them.

The Overview tab which displays CPU, memory usage, and events of a specific instance. You can view other instance-specific dashboards for more detailed information of your instance. The other tabs are – SSL, configuration audit, network functions, and network usage.

[# 705421]

Improved high availability feature for NetScaler MAS

High availability on NetScaler MAS 12.1 is now improved with new features. If your NetScaler MAS servers deployed in high availability mode are in different subnets, see Upgrade NetScaler MAS topic before proceeding with NetScaler MAS HA upgrade. After the upgrade is complete, configure floating IP address so that the Load balancing VIP is no longer required to access the NetScaler MAS GUI. A few of the improvements are listed as follows:

• Configuring Floating IP:

- A Floating IP is an IP address that can be instantly moved from one node to another in the same subnet. Internally, it is set up as an alias on the network interface of the primary node.

- SNMP/Syslog/Analytics traffic is received through floating IP.

- Reconfiguration of devices is not required after the failover as the floating IP handles this use case.

Orchestration

Citrix recommends that you must change the NetScaler MAS database connection parameters in controlcenter.adminservice.conf.template that enables NetScaler MAS to support concurrent execution of load balancing requests from multiple tenants of OpenStack.

[# 703684]

StyleBooks

You can now use StyleBooks to define the load balancing deployment process for Oracle E-Business Suite 12.2 with Citrix NetScaler. The configuration consists of the definition of load balancing virtual servers and services that are bound to the individual Oracle E-Business Suite servers.

[# 679553, 680063, 679550]

Configuring NetScaler instances as ADFS proxy using a StyleBook

You can now configure a NetScaler instance to work as a reverse proxy for Active Directory Federation Services (ADFS 2.0) using StyleBooks. The NetScaler instance can now extend the SSO experience for Active Directory-authenticated clients to resources outside the enterprise data center. The instance can now support both active and passive ADFS authentication.

[# 696203]

Ability to migrate existing ConfigPacks to a different StyleBook

NetScaler MAS now allows you to migrate (or upgrade) your ConfigPack to a new StyleBook without removing and recreating the ConfigPack. This feature allows you to retain all the configurations on the target instances.

Consider that the parameters of the new StyleBook are a superset of those in the existing StyleBook. Then, NetScaler MAS can migrate your configpack to the new StyleBook without you having to type any parameter values again. Note: Any new parameters that are assumed to be part of the new StyleBook are optional.

During migration, NetScaler MAS performs a config diff between the existing config and the new config generated by the new StyleBook. NetScaler MAS then decides what config objects must be added, removed, or updated on the target NetScaler instances.

There is no restriction in migrating your ConfigPack between any two StyleBooks in NetScaler MAS. You can also revert the migrated ConfigPack to the previous StyleBook.

[# 699789, 682833, 674639]

System

Monitor and query CPU, memory and disk usage MIB objects

You can configure NetScaler MAS as an SNMP agent so that an external SNMP manager can monitor and query CPU, memory, and disk usage MIB objects. To query the NetScaler MAS MIB objects, you must specify the following:

• Community string

• IP address of the SNMP manager

• SNMP access level

[# 690650]

Fixed Issues

The issues that are addressed in Build 48.18.

Analytics

NetScaler MAS upgrade from 12.0 to 12.1 fails for this scenario: the database summarization configuration (days to persist hourly data) is set for more than ten days (default is one day) for Analytics.

[# 710501]

High Availability

You must enable "Allow MAC address changes" option in the virtual switch for both primary and secondary nodes of NetScaler MAS that are in high availability mode.

[# 710771]

Networks

Though you disable the auto selection of virtual servers for licensing feature, it is enabled by default after upgrading to 12.1

[# 710490]

SNMP v3 based event reporting does not work after upgrading NetScaler MAS to version 12.1. Citrix recommends the following workaround for the NetScaler instances in version 12.1, 48.13 build added in NetScaler MAS.

[# 710564, 673744]

You cannot schedule exporting of reports in Network Reporting because the export input parameter for external user list exceeds the limit of 4096 chars.

[# 710872]

System

When you upgrade NetScaler MAS from 12.0 to 12.1, only one non-default site is preserved and rest are deleted. You must create the sites again. There is no workaround for this issue.

[# 710509]

Certificates that have pass phrase in them have difficulty connecting to database.

[# 710876]

When you upgrade NetScaler MAS from 12.0 57.x to 12.1 build, SNMP traps are not sent to external trap managers when the SSL certificate of the NetScaler instance has expired.

[# 711038]

Known Issues

The issues that exist in Build 48.18.

Analytics

Values for un-optimized number of plays appear only for the 0 to 200 Kbps range in the Play Time Distribution and Data Volume Distribution charts in Video Insight.

[# 693961]

NetScaler Gateway

The Gateway Insight authentication failure record that is exported from the SAML authentication record does not display the username.

[# 698321]

StyleBooks

This issue is seen when Multicloud-GLB StyleBook is used for GSLB configuration with static proximity configuration.

The configuration on the NetScaler instance is not rolled back to the previous state if update action or delete action fails and the location file is not added back to NetScaler instance.

Workaround: Manually delete the ConfigPack and add the location file.

[# 707290]

If there is an error while importing a StyleBook in 'raw' format, the scroll bar in the StyleBook editor stops working. Sometimes, the scroll bar doesn't work after deleting a StyleBook.

Workaround: Refresh the page.

[# 710372]

System

Instead of using the advanced backup capability to take a complete backup of your NetScaler MAS server, you can now use the new Disaster Recovery feature made available in NetScaler MAS version 12.1 to take a complete backup of your NetScaler MAS high availability setup and help with business continuity use cases.

Important:

1. The advanced backup feature is no longer available after you upgrade to NetScaler MAS 12.1. To remove the advanced backup feature, and to continue backing up your NetScaler MAS serverusing the Disaster Recovery feature. Disaster Recovery is supported only with NetScaler MAS HA.

2. To continue to take a partial backup of the NetScaler MAS server that includes the configuration files, instance details, system data, and so on and then, to restore your NetScaler MAS server in a standalone deployment (partial backup), see How to Back up and Restore your NetScaler MAS Server in a Single-Server Deployment.

[# 704758]

Modifications to the steps followed to deploy NetScaler MAS

From NetScaler MAS 12.1 release onwards, when you first deploy NetScaler MAS, ensure to follow the steps detailed below:

1. After you install the NetScaler MAS image, configure the initial network configuration parameters and save the configuration settings.

3. When prompted, log on using nsrecover/nsroot credentials.

4. Execute the deployment script by typing the command at the shell prompt:

deployment_type.py

5. Depending on the type of NetScaler MAS deployments, do one of the following: